CVE-2022-21971

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version windows10 windows 11 win srv 19 win srv 22

Description The issue is related to incorrect code generation management in the Windows Runtime component of the Windows operating system. This allows a remote attacker to execute arbitrary code. There is a proof of concept exploit available.

Recommendations For Microsoft Windows versions prior to the fixed version, apply the necessary patch to resolve the issue. For windows10, update to a version that includes the fix for this issue. For windows 11, apply the relevant security update. For win srv 19 and win srv 22, install the available patch to mitigate the risk of exploitation.

Exploit

Fix

RCE

Access of Uninitialized Pointer

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-824CWE-94

Related Identifiers

BDU:2022-00917

CVE-2022-21971

Affected Products

Windows

Windows 10

Windows 11

Windows Server 2019

Windows Server 2022

CVE-2022-21971

Weakness Enumeration

Related Identifiers

Affected Products

References · 35